diff options
| author | Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> | 2014-11-17 11:59:47 +0000 |
|---|---|---|
| committer | Richard Ipsum <richardipsum@fastmail.co.uk> | 2014-11-27 18:12:13 +0000 |
| commit | a8f263dc868bb91ad399acb749d59f2435ac093e (patch) | |
| tree | f4890209a845b74761150156522fd409ffaac06e | |
| parent | a938e5d9af04a804a503984a23d4a6071f026130 (diff) | |
| download | definitions-a8f263dc868bb91ad399acb749d59f2435ac093e.tar.gz | |
Add nova user to sudoers group, using rootwrap to control it
Nova user needs to run commands as a root, in order to filter
this commands openstack uses rootwrap. Nova needs root permissions
to run this commands, so this patch adds it to sudoers for the rootwrap
application and configuration.
| -rw-r--r-- | openstack-nova.configure | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/openstack-nova.configure b/openstack-nova.configure index c04dd82c..ee937007 100644 --- a/openstack-nova.configure +++ b/openstack-nova.configure @@ -61,3 +61,9 @@ ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service" sed -i "s/192\.168\.122\./192\.168\.1\./g" \ "$ROOT"/etc/libvirt/qemu/networks/default.xml + +########################################################################## +# Add nova to sudoers controlling which commands is running as a root +# using the openstack rootwrap. +########################################################################## +echo 'nova ALL=(ALL) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *' >> "$ROOT/etc/sudoers" |